Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2011-2744

EPSS 1.71% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2011-2744

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Chyrp目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Chyrp是一款开源的基于PHP和MySQL的轻量级博客(Blog)引擎。 Chyrp 2.1及之前版本中存在目录遍历漏洞。借助action参数向index.php传递的输入在被用于包含文件之前没有经过正确验证,远程攻击者可借助目录遍历序列和URL编码的NULL字节包含并执行任意本地文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2011-2744

#POC DescriptionSource LinkShenlong Link
1A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2011/CVE-2011-2744.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2011-2744

登录查看更多情报信息。

Same Patch Batch · n/a · 2011-07-19 · 12 CVEs total

CVE-2011-0226FreeType psaux/t1decode.c Type 1字体解析漏洞
CVE-2011-0227Apple iOS IOMobileFrameBuffer本地权限提升漏洞
CVE-2011-2743Chyrp多个跨站脚本攻击漏洞
CVE-2011-2779HP ArcSight Connector Appliance Windows Event Log SmartConnector权限许可和访问控制漏洞
CVE-2011-2780Chyrp includes/lib/gz.php目录遍历漏洞
CVE-2011-0770HP ArcSight Connectors Windows Event Log SmartConnector跨站脚本攻击漏洞
CVE-2011-1355IBM WebSphere Application Server 'logoutExitPage'参数开放重定向漏洞
CVE-2011-1356IBM WebSphere Application Server管理控制台本地信息泄露漏洞
CVE-2011-1741EMC Documentum eRoom Indexing Server OpenText Hummingbird Client Connector缓冲区溢出漏洞
CVE-2011-2385OTRS iPhoneHandle包权限提升漏洞
CVE-2011-2528Zope和PloneHotfix20110720权限提升漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2011-2744

No comments yet

Leave a comment